Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1866
Views
0
Helpful
1
Replies

Bad request from NAS - ACS error

allanc16
Level 1
Level 1

‎02-18-2011 04:17 PM - edited ‎03-10-2019 05:50 PM

Hello,

I have succesfully implemented AAA using ACS v4.2 and HP Procurve switches  in which they work for authenticatio, authorization and accounting however I am having an issue with a couple of switches that i know where working before.

These 2 procurve switches are configured using the same RADIUS servers, same authentication and authorization settings and of course the same shared secret key I have validated on both sides (Client and ACS) but I am getting this error which I can see on the failed attempts section on the ACS.

Message-Type: Bad request from NAS

Authen-Failure-Code: Invalid message authenticator in EAP request

Thanks

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎02-19-2011 09:18 AM

Hi Allan,


This is a purely shared secret mis-match issue. I understand that you've already checked the secret key on both the sides and still you're getting this error.


Well, next step should be to check key under the NDG where we have defined these switches. The key defined on the NDG level over-rides the key at the AAA client level.


http://tools.cisco.com/squish/AcF7C


"Each device that is assigned to the Network Device Group will use theshared key that you enter here. The key that was assigned to the device when it was added to the system is ignored. If the key entry is null, the AAA client key is used."


Rgds, Jatin



Do rate helpful posts~

~Jatin
0 Helpful
Customers Also Viewed These Support Documents